Smoothwall Filter (On Premise)

Any and all ideas and feedback for Smoothwall

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Address Objects to include DOMAIN WILD CARDS (like *.domain.com)

    Due to the development of Cloud Services I need to place domain wildcards into Smoothwall Address Objects instead of ever changing IP Addresses.
    Address Objects ONLY allow IP addresses and ranges but this does not work where external IP addresses are changing unpredictably under a DNS domain (where the Domain name remains constant of course).
    An increasing number of cloud services make this feature increasingly urgent.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  2. Firewall log viewer should have a NOT boolean function

    In the firewall viewer it should be possible to have a NOT option. This is a standard feature on other firewall products. e.g. if wanting to see all the traffic from a particular IP address except ports 80 & 443.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  3. GLOBAL replicated firewall rules

    GLOBAL replicated firewall rules that can be replicated to child nodes, just like Guardian policies in a tenant environment.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  4. Provide statistics on which firewalls have been used, how much, and when.

    I have a large number of firewall rules. When I do an audit it would be great to be able to see information relating to how used the rule has been - the number of packets, the volume of data, the typical hours of use, the host distribution, and the last time traffic was permitted to the rule.

    This would make it much easier for me to identify which rules are actually no longer needed, and also provide information as to how the rules might be tightened.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  5. Make it possible to set an End Date for firewall rules

    I am regularly told that a port needs to be opened for a fairly brief period of time - sometimes it's just one day, sometimes a week or a couple of months. It would be great if I could set up the firewall rule and at the same time specify a date & time when the rule expires. (even better if I could have a choice of whether to delete it, disable it, or notify me of the fact that I need to check if the rule is still needed.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  6. Subnet Routing Verification & Automatic Undo after 10 seconds

    Currently, if I type in a incorrect route, lets say I did a 10.60.4.0/20 . It accepts it, even though the subnet should start at 10.60.0.0. This in essence makes you believe your route is in place but the Smoothwall simply ignores it. It would be nice to see a validation or do what Watchguard/Other firewalls do and prevent incorrect routes being put in.

    Additionally, when a route is put in, it should apply the setting but then undo itself after 10-15 seconds unless you confirm it. Similar to when you change resolution on a windows PC. This will then…

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to import multiple CIDRs at a time into the same object rather than one CIDR at a time in different objects

    If I want to allow connections on non-standard ports (i.e. not 443 or 80, everything else is default dropped) to a wide range of addresses owned by the same hosting company, it would be much easier to paste in a list of CIDR IPs into the same object rather than one CIDR at a time into different objects.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  8. IDS

    I have worked with several firewall appliances in the past that have the ability to drop or reset network traffic when a threat is detected by the IDS. If a threat is deemed as a false positive, a rule can be created to whitelist that particular vulnerability for that IP address of the internal device. This would help stop any threats from communicating on the network until deemed safe.

    I would also like to see the source IP address of the internal device when running reports. Currently, we only see the Firewall public IP -> External IP of device on…

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  9. Help display

    help distorts page display

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  10. your export process does not offer a start AND end time option

    your export process does not offer a start AND end time option so how can we export the hours of logs we want to see ? your export options are lacking in usability.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support for packet capture within the user interface

    It would be extremely useful to be able to perform a packet capture (.pcap / tcpdump) from the Smoothwall web interface for the purposes of troubleshooting. Presumably this is simply achieved if you have root access and can log in over SSH, but in environments where this is not available, there is no way currently to perform a packet capture and a very useful troubleshooting option is therefore not possible.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  12. IPS - autoblock probe IPs

    It would be useful if Smoothwall had a way of automatically blocking IP addresses of malicious/probe packets dropped by IPS.
    Thanks.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow selection of individual IPSEC VPN links when creating firewall rules

    Allow selection of individual IPSEC VPN links when creating firewall rules

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  14. Filter IDS logs to show Priority 1

    Ability to filter IDS logs to show Priority 1.
    Also make the IDS log searchable.
    Both can be achieved by export, but it would be nice to be able to do it within the web interface.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  15. SSL VPN Road Warrior - filter by geo location

    We get incessant SSL road warrior connection attempts from hostile IP addresses. I can limit by groups and can block IP's manually via firewall rule, but that's a rough way to cut down on this traffic. The VPN control panel is therefore drowning in "unfinished" road warrior connections. I'd love it if there was a geo location way to filter traffic in general, but more specifically for SSL VPN. Especially useful for an SMB like us who only have employees in the U.S. and can safely block SSL VPN attempts from all other countries

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  16. Auto Blocking IP's based on rules / policy / triggers.

    I spend my mornings checking who has tried to hack us - when I see IP's that have been trying for hours / days I add their IP to my block-list.
    This is now getting too time consuming to manage. Can we not have an auto block to any IP's that continually try to hack us. Maybe we can set some thresholds that when any IP triggers they get an auto block. But going forward I think this is a must.

    I am sure my lfd on my Linux web server auto blocks hack attempts. Would love my Smoothwall to…

    29 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Layer 7 rules should be both allow and deny

    Presently (Kennilworth) layer 7 filtering can only be applied to deny rules. This doesn't seem helpful to organisations that begin with a "block all ports and open only what we need" strategy which seems to be the most common strategy.

    It would be most helpful (and an excellent selling point) if we could just allow Dropbox or Skype or WhatsApp with the bare minimum of effort.

    27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →

    Currently this is not possible to achieve, as layer7 relies on allowing a few “unknown” packets through before we get an idea of what the traffic is. As such, you can’t work out what the traffic is until too late for an “allow”.

    We’re looking at Layer7 options that provide a “first packet ID” but this is early stages

    Tom

  18. bandwidth module improvements "Policing"

    The current Bandwidth Module provides "shaping" which is only good for outbound connections. Its a store and forward from my understanding.

    Policing on the other hand can be applied to both inbound and outbound connections. It relies on IP (i believe) to slow down the connection by dropping packets. (Would only be good for TCP) It would be great if we could limit inbound and outbound based on External and Internal ip addresses. Currently inbound connections can flood the whole RED adapter.

    Example an internal address requests data from say Microsoft Updates. The Max connection rate will be used to…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  19. Bulk import of IP addresses

    When adding IP blocks, it would be useful to import from CSV rather than adding line by line

    I have 6000 addresses i need importing

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
  20. Multiple Domains via Reverse Web Proxy

    We would like to ability to host multiple websites with different domain names via the Reverse Web Proxy. At the moment this feature does not exist however it would be great if it did as I would not have to purchase another appliance to achieve this for the business.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Firewall & Routing  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Smoothwall Filter (On Premise)

Feedback and Knowledge Base